Search

In September of 2001, I was conducting a comprehensive security audit of a major health care insurer. They were dealing with the early days of the HIPAA regulations and needed to assess data and application controls in their environments. Then 9/11 happened. All air travel was suspended and major city centers such as NYC, Chicago,…

The streets are empty, offices are closed, and your favorite bar around the corner is shut down until… well, we don’t know when. COVID-19 has taken us all by surprise and companies are implementing work-from-home policies at a rapid pace. Working from home can, at times, feel like a prison. If you’re one of the…

As organizations prepare to protect their workforce from Coronavirus (COVID-19), they need to balance best health practices with best security practices. More companies are establishing remote work policies to create a social distance that decreases the spread of the virus. While this acts as a deterrent for further infection, remote work inherently increases the data…

Guest Blog by Michael Rasmussen, Research Analyst at GRC 20/20 Research Business today is changing minute-by-minute and second-by-second. Processes and technology and their configurations are changing. Employees and their access into systems are changing as they are hired, change roles, inherit rights, and ultimately leave the organization. Transactions and vendors are changing. The pace of…

As we enter the new year, the criticality of securing sensitive data will continue to mold and transform the structure of security strategies across enterprises, resulting in a heightened focus on access controls, visibility solutions, and (generally) data-centric ERP investments. With numerous data privacy regulations on the horizon, the cost of data breaches will be…

In July, Capital One reported a breach that compromised the personal information for about 100 million customers. A former employee of a third-party service stole the data earlier in the year and Capital One initially discovered the theft from a tip.  While data breaches and cyber attacks are now almost routine news, this incident serves…

It’s that famous line delivered by Joshua (a.k.a. WOPR, or War Operation Plan Response) to Matthew Broderick in the movie WarGames from 1983. It’s been a long time since that movie first came out, so here’s a quick refresher – Broderick thinks he’s hacking into a software developer and gains access to a host of…

by Jasmine Chennikara-Varghese This year’s Verizon Data Breach Investigation Report (DBIR) analyzes the current threat landscape and provides insights for improving cyber defenses. The 2019 DBIR is based on data gathered from more than 40,000 cybersecurity incidents and over 2,000 confirmed data breaches across 86 countries.  The real world data in the DBIR reinforces that…

By Jasmine Chennikara-Varghese As applications and the sensitive data they contain migrate to the cloud, the risks linked to insider threat persist. Cloud services empower end users to be more mobile, flexible and productive while also simplifying IT management and improving cost-efficiency. However, the cloud also expands the attack surfaces, enabling exploits and exposing vulnerabilities…